
What is Computer Security?

Computer Security is the protection afforded to an automated information system.  This protection is intended to preserve the integrity, availability, and confidentiality of all system resources.  System resources include hardware, software, firmware, data, and telecommunications.

At the heart of computer security are the objectives of confidentiality, integrity, and availability. 

Confidentiality covers both data confidentiality and the privacy of users.  Private and/or confidential information should not be made available or disclosed to unauthorized individuals.  Users should be able to control or influence the information related to them that is collected and stored by the system.  Users should also be able to control who can disclose that information as well as to whom that information can be disclosed.  If the information is disclosed in an unauthorized fashion, the system has lost confidentiality.  Confidentiality protects personal privacy and proprietary information.

Data integrity assures that all changes are made in a specified manner as authorized.  System integrity assures that the system remains unimpaired by deliberate, inadvertent, and/or unauthorized manipulation of the system.  Unauthorized modification or destruction of the system results in the loss of integrity.  Integrity ensures that the information is authentic and beyond dispute.

Confidentiality and integrity must go hand in hand with availability.  The systems must be available to authorized users and work promptly.  The disruption of access to or use of information results in a loss of availability.  Availability ensures that access to and use of the information is timely and reliable.

It is vital to ensure the authenticity of the system.  All traffic through and changes made to the system must be genuine and able to be verified and trusted.  A method must be put into place to ensure that users are who they claim to be and that all input comes from trusted sources.  The validity of all transmissions must be verified.

All activity must be traceable back to an entity.  Any security breach must be traceable back to a responsible party, necessitating records of all system activities for forensic analysis.
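The integrity, authenticity, and accountability requirements above can be combined in one activity log. This is an added example, not taken from the cited book: each record carries an HMAC tag under the acting user's key and the hash of the previous record, so modified, reattributed, or removed records are detected. The user names, keys, and function names are constructed for the example, and HMAC with per-user keys is one assumed way to tie a record to an entity.

```python
import hashlib
import hmac
import json

# Constructed per-user keys for the demo; a real system would keep these in a key store.
USER_KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}
GENESIS = "0" * 64  # "previous hash" used by the first record


def _body(prev_hash, user, action):
    # Canonical encoding so the same fields always produce the same bytes.
    return json.dumps([prev_hash, user, action]).encode()


def append(log, user, action):
    """Append a record tagged with the user's key and chained to the previous record."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    body = _body(prev_hash, user, action)
    tag = hmac.new(USER_KEYS[user], body, hashlib.sha256).hexdigest()
    entry = {
        "user": user,
        "action": action,
        "prev": prev_hash,
        "tag": tag,
        "hash": hashlib.sha256(body + tag.encode()).hexdigest(),
    }
    log.append(entry)
    return entry


def verify(log):
    """Return the index of the first record that fails a check, or -1 if all pass."""
    prev_hash = GENESIS
    for i, e in enumerate(log):
        key = USER_KEYS.get(e["user"])
        if key is None or e["prev"] != prev_hash:
            return i  # unknown entity, or a record was removed or reordered
        body = _body(prev_hash, e["user"], e["action"])
        tag = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, e["tag"]):
            return i  # action or user changed after the record was written
        if hashlib.sha256(body + tag.encode()).hexdigest() != e["hash"]:
            return i
        prev_hash = e["hash"]
    return -1
```

Removing records from the end of the log is not detected unless the latest hash is also stored somewhere the log writer cannot change. Because the verifier holds the same keys as the users, the tags show which key produced a record but do not by themselves stop the key holder on the verifying side from forging one.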

Computer Security: Principles and Practice, by William Stallings and Lawrie Brown. Published by Prentice Hall. Copyright © 2008 by Pearson Education, Inc.